Posted
by
kdawsonon Sunday March 07, 2010 @08:23PM
from the single-point-of-well-you-know dept.

ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."

What karma? People who already gave Ubisoft their money can't play. Looks to me that Ubisoft's dogma is alive and barking.

Go on, argue that all those idiots won't be dumb enough to give Ubisoft more money next time. I'll bet that anyone retarded enough to do it once isn't the sort of person likely to learn from their mistakes.

It's just amusing that it's so close to the release that we've seen it happen. If people don't wake up and smell the coffee on this one we'll all be bent over a barrel with every new game release from now on.

There's no way that an home user can afford five nines internet access, so even if it isn't the authentication server end that's a problem, well, you're screwed anyway. Hell, if there's problems at higher tier routing you're probably going to be screwed anyway. I've seen this happen before with MMOs. If the servers were hosted locally (ie, in Australia, where I am from) we'd still be able to connect, but due to international routing problems no one in Australia was able to play. I know that's a bit off topic, but it seems to me that warning signs like that dictate that moving down a server authentication method for a single player game is fucking stupid.

Unfortunately the people who make decisions about protecting profits aren't exactly technologically proficient, let alone able to understand the intricacies in a global network like the internet. I doubt the team that programs the game even has anything to do the team programming the DRM other than having to somehow work it into their product.

In essence, what Ubisoft here has done is given people a real reason to boycott their products in a major way. I can't say I've seen a grass roots boycott take off, but when you shit on your customers you essentially force the boycott through ineptitude.

True, time will tell on this one, but I doubt it will be long before Ubisoft make the decision to take the same route as EA by rolling back DRM - well, that or their stock will tank and the company will go under.

My shitty TimeWarner cable internet is constantly having intermittent connection problems. It's happened at least three times already today. Most of the time I don't notice it, and I'd appreciate not having some horrible DRM system making the problem worse.

The thing is, it doesn't matter if it's up 99.99999999999% of the time. Because most of the time you're not trying to play a game that requires the internet connection. It only matters if it happens to be down when you want to play the game.

The only way to achieve that is to have a connection that is either ALWAYS up 24x7 with 100% reliability; or otherwise is only down when you don't want to play the game. Neither is a particularly realistic proposition.

Sure, it's not the end of the world if you can't play the game at some point. But that's just weasel-words to get around the real issue: Ubisoft have added a dependency on a component which is otherwise completely unrelated to the game. If you're playing a single-player game, your internet connection shouldn't matter. In fact, a single-player game is exactly the kind of thing you might decide to do if your internet connection does go down in order to pass the time while you wait for it to be fixed.

And of course, it's not just your own internet connection that matters here: your ability to play the game is dependent on the reliability of things which are entirely outside of your control. Just because your connection to Verizon is up doesn't mean their connection to some other arbitrary network is working reliably.

Just because your connection to Verizon is up doesn't mean their connection to some other arbitrary network is working reliably.

I use Time Warner and a cablemodem.

One day, my net connect starts getting "spotty". Connect. Disconnect. Repeat all day long. After a couple of days it goes down altogether. I put in the call. Guy comes out and looks at the cable and shows me where a squirrel had been nibbling at it. Replaces the cable bit on the pole, off he goes. Cable goes right back down again. Put in another call. Another guy shows up, twiddles something, gets a good meter reading, and bails. Repeat this for about three months. Last guy finally fixes the problem - a router box upstream was foobaring my entire block's connection. Nobody on my block was getting internet, cable, anything through TWC. Dozens of customers complaining daily and it took them three months to finally figure out "gee the whole block is down, let's go look at the router for this block."

So a few weeks later, a lady calls me. A customer survey drone wanting to know about my "experience". I tell her how frustrating the whole thing was. How does she conclude the call?

By asking if I'd consider a package deal to have my telephone run through their modem too.

Not mad - but rather, scripted.
Deviate from the script = lose your job.
It's the script writers that have killed intelligent responsiveness in the "customer interface department".
No longer are people employed because of their knowledge of the subject, but because of their ability to "follow the script".
Reminds me of a story of contacting BT's Tech Support on behalf of a friend. I told the woman (in India) what steps I'd tried (all the steps anyone which any person with reasonably high levels of IT literacy would try) and she then took me through scripted steps, all of which I'd already tried, all of which I told her I'd tried, and when none of them worked she said "contact your pc vendor" and hung up. She didn't know ANYTHING about computers, just how to follow the script on the screen. Not technical support at all really.

The sad part is that it's likely quite a few of these actually have engineering degrees and real problem-solving skills but learned within a few weeks of starting their jobs that thinking for yourself and trying to find solutions that would not only temporarily fix a single customer's problem but also avoid having the problem happen to anyone else is not only not encouraged but downright discouraged, because thinking about things like that is what management is supposed to do.

This is at least how my experience with working tech support was, a bunch of guys, ~50% of which were engineers or computer scientists, sitting in a room applying the same stupid workarounds all day every day and complaining amongst each other about how they weren't being put to good use.

Not just all that but as crazy as it sounds I have gamer friends with no internet, but with all the latest consoles, games and ridiculously overpowered PCs. They own and enjoyed the previous Assasins Creed games but will never purchase this latest one. Congrats, Ubisoft, you just fucked over the only guy I know that buys around half dozen games monthly.

All internet connection arguments aside, let's not lose sight of two simple facts:

- The only people who can play the game right now are pirates.

- The only people who are blocked from playing the game right now are those who legally purchaced the game.

Which group would you rather be in?

Welcome to Bizarro World...

This is the whole problem with DRM of any kind.

It only ever works against the folks who actually paid for your game.

The pirates have cracked the DRM, they've removed it or bypassed it or whatever. Your DRM is completely and totally irrelevant to the pirates. At best it'll take a day or two before it is cracked, so a few very impatient folks will pay for the game rather than pirate it... But that's the best you can hope for.

Your paying customers, however, have to put up with whatever awful DRM you've wrapped your product in. They've chosen to do the right thing... To shell out their hard-earned cash for your product... Even though, generally speaking, they are able to get their hands on a pirated version. And you repay them by taking a big ol' dump on their computer.

But ubisoft did the stupid thing: bragged that their new system was going to be really hard to crack and there's few things that will get hackers hacking faster than telling them they're not smart enough to do it.

What is sad is I never thought I would see a day when EA would actually look like the better choice, but thanks to Ubisoft they look positively cuddly in comparison. Hey maybe that could be the new EA motto..."EA--Way nicer than Activision and not nearly as douchey as Ubisoft!"

Seriously though when are these companies gonna wake up and smell the fail? It is really soooo simple: give the customers MORE value for their money and watch them pay, screw them over and watch the piracy shoot up, as this proves yet again that often the pirate version is the better choice. For an example EA got me to shell out $30 for MOH: 10th anniversary, even though I heard Airborne sucked (which it did) and how did they do that? By packing in MOH:Allied Assault with both expansions, along with the Director's Cut of Pacific Assault and an interactive timeline of the pacific war and finally the soundtracks. In other words they gave me MORE for my money, so even though I already had Allied and Pacific I bought it.

But as long as they waste their time and the shareholder's money on stupid DRM that does exactly jack and squat to stop piracy while screwing over their paying customers we will continue to see the pirate version be actually more useful to the consumer than the retail version. it has gotten to the point I refuse to buy at release anymore, because I can never be sure if their crappy DRM will work with my 64bit OS. So I wait until a game hits the $30 bin before purchase, simply so I can have the No-DVD for the last patch ready to go at install. I used to buy all the big games at release, but this douchebag behavior on the part of the companies making the AAA titles has driven me away.

Thanks to them it is the $30 bin and GOG [gog.com] all the way. at least with GOG I can back up the installer and don't have to worry about DRM borking my machines. And in this economy bitch slapping your paying customers is a sure way to drive them off, just as I won't be buying any more games from Ubisoft, even though I was looking forward to AC2 and the latest Silent Hunter. Great move Ubisoft, burn all your customers while the pirates laugh their asses off. real smart.

Does it really matter though? If they're using something like this, they should had have hardened and test the system properly. Things like this are completely unacceptable. I would have thought they did as otherwise its going to backfire so good, but it seems stupid people never cease to amaze you.

poetmatt's theory that Ubisoft may have simply underestimated the packet rates needed to keep the auth servers up and responsive is interesting. It's entirely possible. Blizzard has faced such challenges several times with their authentication servers going down, although this is likely on a much larger scale than anything Ubisoft has had to deal with.

...which would have cost them more than the game will earn in profits.

I doubt it, but still a fatal flaw. Among many.
The game only lasts as long as the servers are up and active.
The servers are up and active as long as the game is still making a profit.
The profitable window for games is not very long.
So the game is fucked by design..
Long live stupid DRM. Every pissed off user is another nail in the coffin.

Hey, remind me of something: what are you talking about? It's not like network administrators have a magic "prevent DDOS" button.

DDOS's can take a couple hours to be noticed and a couple more to fix, and that's if it's something simple. They come in a variety of shapes and forms. If it's more complex, it won't be as easy as just turning off a port or access to something or IP filtering.

As an example, did you ever think that it's entirely possible that ubisoft DDOS'd themselves with their connection checking?

Why don't you actually go google it then? There are numerous ways of dealing with DDoS. Datacenters have to cope with it, large companies have to cope with it, etc. Have you ever seen microsoft.com go down? I bet you that their uptime isn't because they've just gotten lucky and haven't ever had to deal with a DDoS.

And one of the most critical ways to prevent DDOS is "do not rely on a constant connection". This is why "git" source control is so much better than CVS or Subversionl: you can operate on your own, do your work locally, record your changes or make tags or revert patches, and make connections for updates or pushes only when desired.

Microsoft pays an incredible amount for their uptime, but they absolutely _do not_ require a connection to their servers every time you want to run your software. Laptop and business users wouldn't tolerate such external requirements.

How convenient of you to use the excuse "I can't comment, because I don't know anything about their systems." You could quite easily list several steps you'd take to harden your systems; the theory will be the same no longer the system. This is just basically you speaking about some rhetoric without knowing the underlying topic at hand.
It's easy. All you need is huge pipes scattered around the world, feeding high-performance networking components and servers, and a couple of 24x7x365 NOCs staffed with hig

Would it make you happy if someone were to list every possible high-availability best practice we currently know, and make some inferences about the probable architecture and design of the system, applying each best practice to that aspect of the design? It's not like DDoS or high availability is a new thing, it's been around for quite some time. And you likewise contain no counterargument, just pointing out that there is nothing to argue against. You didn't add anything to the conversation, you proved no point, you certainly did not earn your informative moderation. Not that it matters to an AC. Why the hell am I even typing this? Oh well, here we go.

The simplest way to prevent DDoS in a situation like this is to have an front-end server (load balanced/clustered) which routes your request to either the authentication system (if your connection hasn't been authenticated) to validate the installation such as checking the license key and verifying whatever else they verify. Or if authenticated it goes to the "simply reply" server. Both of these servers can dynamically update the firewall rules on the front-end, or even before the front-end, if they have something like IPtables accepting input from a specific set of IPs on the intranet-facing rail. The front-end uses these to block any connections which send garbage data or try to re-authenticate using multiple license keys (brute-forcing) or basically try any type of connection other than the two allowed above - initial auth or continued ping. So you have 3 tiers for your IP addresses - initial (send to authentication), authenticated (send to keep-alive) and "other", which simply force-closes the connection, and the front-end redirects as needed. An expiration time of an hour or two should be sufficient, at which time it gets removed from the list and will go to authentication.

Customer service should be able to manually update the list to unblock you if you have a legitimate key. The only time a person should have to call customer service is if a continued DDoS is going on, and only if the user has a dynamic IP address or the DDoS is using spoofed IP addresses and managed to invalidate your connection. So this isn't an unworkable solution - it's a worst case high-call-volume type scenario, and a company would do everything in its power to keep paying customers working.

The front-end itself can have several IP addresses in the DNS entry, so you can scale up that part as needed.

The front-end deals with IP filtering, the second stage does request routing, and a server farm does either auth or ping. It would be trivial to create a list from the front-end so that the hosting provider can filter out the most egregious of offenders before it even hits the Ubisoft network. This is all pretty basic stuff, and most of it comes directly from reading other reports of DDoS and how it was handled.

At that point the only real problem is IP spoofing from a very large botnet, which would pretty much ruin your day. Even that has its defenses, but much trickier. It's unlikely that they planned for packet-inspection as part of the filtering, but anything that contains unexpected packet contents can be ignored, since you know what the client will be sending. Only a targeted DDoS would be effective then, crafting packets to appear to be legit.

Software could be optimized, for example if it's a simple database contention issue, or move to a RAID type solution allowing for faster access to the validation keys.

It's possible you're saying to yourself "Yes, but that won't prevent a DDoS, just mitigate it." I'll go ahead and address that before you post more rhetoric. "There are various techniques to battle against DDoS even on network level." Poster did not claim to completely prevent DDoS, just work around it.

Having said that, it's impossible to say whether they can use this particular description because we don't know whether they use authentication and keepalive, so the most we can say is either they implemented an unpro

Conceivably, but they could still wind up on the losing side of a class action suit by all the people that were unable to play due to the DRM scheme preventing them from doing so. I'd bet that it would only be a couple dollars a person at most, but losing a suit like that might just make companies think a little harder before screwing their customers.

But, who am I kidding, they'll just chock it up to losses to pirates and shake their fists all the harder because they can't directly access people's bank accounts.

And before you say "A DDoS wouldn't be UBIsoft's fault": Deliberately and needlessly introducing a single point of failure to your system is patently dumb, and most definitly the fault of the party that introduced it if it fails.

Ok, that's a bit of a stretch. While I would probably find it amusing if someone like the/b crowd went and messed with the auth servers to get a kick out of it, it's not what I'd consider something like a "political statement". Or a necessity because I'm so angry at them.

I'm not angry at UBIsoft for creating that DRM scheme. While I find it quite disappointing that I can't buy a game that I thought would be great (companies make games and set the terms, but I, and only I, get to choose whether I accept them), it's not like I'm "angry" over it. If find it amusing, though, that time and again my prophecies about games and why I do NOT buy them come true. MW2: Lack of servers will make cheating run rampart. Result: True. AC2: Mandatory internet connection will hurt legit players and not affect crackers. Result: Judge for yourself.

How would they do that? As far as I know, the pirated version doesn't even try to phone home, so there would be no way to track pirates.

I find it endlessly amusing that the only people who can play AC2 right now are the people who pirated it, despite the fact that the DRM is intended to prevent piracy. No pirates are inconvenienced by this outage; only customers who have already paid.

Well, right now it seems only the pirates are still going to play, while those legitimate customers will not. Reminds me of a quote I saw:

The Arch Demon's mantra has always been they will do it The Arch Demon's way once the pain becomes severe enough. However, it absolutely amazes The Arch Demon how much pain the IDOITS [legitimate customers in this case] can endure.

Because it pisses off a wide audience, not just the typical Slashdot reader. This may matter when it comes to selling other games. In particular, the people affected are the people ill-informed enough or naive enough to pay for such software. Once Bitten, Twice Shy.

Also because it kills the argument that this DRM isn't a big deal for anyone who doesn't plan to play the game for years. I know I've been told (by Battlefront.com, when inquiring about their system) that I was more likely to stop playing after years due to compatibility issues than because their DRM servers closed. Ubisoft presumably would have said similar, if asked about the end-of-life of their servers.

Why would this stem the awful DRM? They have the money, gamers are still going to play, life moves on.

Gamers have already paid for the game but you see the issue we have here is that gamers have only paid once for the game. All DRM schemes are about extorting more money out of customers. Whether by killing the 2nd hand market or planned obsolescence they want you to pay to keep playing your games.

Mark my words, in 12 or 18 months time EA/UBI and so forth will start complaining that keeping these DRM servers online is costing them money, meaning they require more money from existing customers to keep them on line.

Before they do that they would simply release a patch where those servers were not needed and allow you to download your save game.

I doubt it. Once you have already paid for the game, your continuing to play the game costs them money. It is in their best interest to simply shut the servers down as quickly as their lawyers say that they can without getting a class action suit. They won't allow you to play offline because if you could play without their DRM servers, you wouldn't need to buy new games as o

in europe you cant put 'you cant sue us' bullshit in eulas and get away with it. that only * may * work in usa.

Even in Europe a class action will be a hard sell to judges. Ubisoft will avoid a lawsuit in the same way as ESRI, AutoCAD or any other company that licenses it's software with a time limit and a kill switch after that time limit has expired.

The legalese will spread beyond the EULA and into many other licensing documents, after all that all Ubisoft have to do in order to reach around EU law is

you're only thinking of the hardcore that knows to hit forums. All it takes is 1 phone call or email and they've lost all the profit on the sale, even if the call consists of "Servers down, try again later!".

1) Gamers may try and return the game. I suppose Ubisoft could refuse to issue refunds but that opens them up to lawsuits. Like it or not, a sold product does have an implied warranty of fitness, meaning that it will work for the purpose you sell it. If it doesn't, customers can get their money back and if you won't give it to them, a court can and will force the issue.

2) It puts off people who haven't bought the game yet. Not everyone buys a game on the day it comes out. Plenty of people wait a bit. Well, they see this, realize that it is true if the auth servers are down there's no game to be played, and decide "Nah, I'll buy a different game." I mean we do not at all lack for good games these days, people can and will take their money elsewhere.

3) It can lead to these people refusing to be customers again. Sure you got their money this time, however a business does not live based on selling one product. You need repeat sales. People who get burned by this (or just hear about it) may decide to give Ubisoft products a miss in the future because of it.

The idea of "Oh well they got their money," is rather short sighted. When businesses operate like that, screwing people over and saying "We already got the money so who cares?" the end result is often the business suffering or going broke in the future.

Maybe they should educate themselves then. Consumer abuse such as DRM is getting by largely because of public ignorance. Even if they have to learn the hard way, ie buying a defective product, they learn nonetheless. If they need to feel burned to start taking notice then I'm glad we have companies like Ubisoft around to burn them.

Agreed, honestly I had no idea about the DRM in it as I've had the xbox 360 version for a few weeks as it came out prior to the PC release. I don't have my 360 connected to the internet so I would have never assumed a working internet connection would be needed on the PC had it not been for the/. article a ~week ago. And really, for a single player game to require an always on internet connection has to be an all time low.

Can't find it now, but definitly NOW the DRM protection WILL be the discussion topic on the schoolyard. And maybe company lunchrooms too. People who bought the game will ask around, especially their "IT clued" friends what they could do to play what they paid for, and they will be informed about how to get cracks.

People who never pondered cracking will now be introduced to it. So far they did actually buy their games. Either because they simply didn't know about it or, worse, because they didn't want to go through the hassle and thought that paying 50 bucks is easier, faster and less of a problem than futzing about with cracks and copying this and cracking that and executing this registry tuner and writing that into the registry...

Now they learn that buying games leads to more futzing, more frustration, more "it doesn't just work" than finding it in P2P and downloading it. Legal copies just lost the only edge they had over cracked ones: Ease of use and "just working".

Great job, UBIsoft. Just as the software industry finally regained some footing in the battle against copying, you go and aim the bazooka at your (and the industry's) foot.

Don't tell your friends to crack the game. Tell them to go to the store and demand their money back.

The software is fundamentally broken. You haven't gotten what you've paid for. Returns will be a lot more painful for Ubisoft. Pose 90% returned games vs 90% pirated games at a stock holders meeting, and they'd probably prefer 90% pirated, as the 90% returned will be more expensive in the long run.

You knew the game had this DRM, you knew that it was susceptible to server crashes, you whined about it endlessly, AND THEN YOU WENT OUT AND BOUGHT IT ANYWAY. How stupid can you get? Ubisoft must be laughing their heads off.

Did they? I didn't hear about the DRM until after the game was released. If I had not been waiting until it came down in price a bit, I might have purchased it based upon the merits of the first game and some early reviews which didn't mention the DRM.

I might even have failed to notice the small print which said that an Internet connection was needed in order to play it. I certainly wouldn't have expected that to be a requirement.

I bet a lot of people had no idea. This might do more to kill gaming on the PC than DRM, though.

In this case they learned a valuable lesson: There's more in a game but graphics, sound and gameplay today that you should inform yourself about before buying it: Its copy protection, and whether it is something you deem acceptible.

Saying that this will kill PC gaming is a bit far fetched, unless companies insist in it by continuing to push these kinds of copy protection. I'd consider it highly doubtful that people who played on PCs so far will go out and buy a 200+ bucks game console. I dare to extrapolate

"You knew the game had this DRM, you knew that it was susceptible to server crashes, you whined about it endlessly, AND THEN YOU WENT OUT AND BOUGHT IT ANYWAY. How stupid can you get? Ubisoft must be laughing their heads off."

The non-technically inclined audience does not and did not know of the DRM and its effects. Not everyone knows what kinds of issues it might lead to. The fact that you knew about it does not negate that fact. As such, such audience got screwed by this and it is in no way their own fault.

WTF I posted a link to google that shows how to play since UBIcraps servers are down and you call it ILLEGAL activities? RAbble rabble!
I will never buy another ubisoft product and I advise you to do the same!

Several DRM schemes have only involked a reaction in the tech community such as slashdot while the general public carried on not caring.
This shambles has made it painfully obvious to the masses of the dangers of DRM.
The 45 page thread [ubi.com] is evidence of it and is quickly filling up with hatred. Comments such as "I'll never buy from you again" which usually tend to be hyperbole this time ring true.

Hopefully the end result of this is that the public won't have a short attention span and make true on their threats of not buying from them again.

Honestly? I'm thinking of finding the customer support email for Ubisoft and writing them an email thanking them for giving a demonstration to their customers of why DRM is bad - people like me go on the forums and tell people that this shit will happen and they say "No it won't, the company wouldn't do that!" - now they know that they will. *jumps with glee*

What everyone predicted has happened.
The servers fail just after the game is released, tens (hundreds?) of thousands of customers are highly unsatisfied, not to say irate.
This is already a PR disaster, should the servers keep failing (whatever the reasons - the people don't care if your servers are to weak to handle the load or if some/b/tards decide to DDOS them for "pool's closed" - they only care that they cannot play the game they BOUGHT) it will become a massive one.
Oh, and since Silent Hunter 5 was already cracked I suspect a crack for Assassin's Creed 2 won't be long.
So in a way, Ubisoft, you decided to ignore the warnings, now your tears, they taste delicious.

The original idea of copyright, the whole "exchange" thing going on here, is that a content producer is granted a limited, exclusive time period to profit from a work before it becomes public domain, as the nature of any form of information allows unlimited copying anyway. In the US Constitution, this exchange is established to promote the advance of arts and sciences, and it is a reasonable way to encourage content creation as an actual profession. All understandable...

When a company places nasty digital restrictions management garbage on their information product, especially this kind of phone-home to use / read sort of nonsense, it completely removes the part of the exchange that the public receives. The public, the people, via government allowed a limited time for the content creator to exclusively profit from their work before it enters the public domain, and that is the concept of "copyright." DRM, especially this kind, breaks the agreement. It destroys the very foundation of the concept. Therefore, I do not consider any such work to be copyrighted. I am not a lawyer, etc... but I am someone who understands what copyright is for, and that it has become something else entirely. Unlimited terms (beyond a human's lifetime), means it is not under copyright. Permission-every-time sorts of access models mean it is not under copyright.

I know very well that these matters are settled by throwing money at lawyers and congress-creatures, and therefore, my opinion means nothing in a court of law. I also know that I do everything in my power to ensure that people understand the concept of "intellectual property" is against the very nature of information, and is a disgusting concept that has come about through purchased laws.

Now is the time to send a message to Ubisoft that this sort of intrusive DRM will NOT be tolerated. If the servers had stayed up and people just refused to buy the game, they would have written the poor sales off as being caused by "pirates." Now, you have a chance to prove otherwise. Every single person who bought this game on PC should return it to the store. Yes, most will attempt to deny the returns due to policy, or to exchange with a new copy since that one is perceived as damaged/defective. Do not stand for this. Tell them that yes, it is defective, but ALL copies are defective. Let them know that the software itself works just fine on your computer, and in fact ran EXACTLY the way it was supposed to. However, you are forced to return it because it does not work properly on yours or ANY system, because Ubisoft's servers weren't online to allow you to play a game that you legally purchased and met all the requirements for being able to play.

Ubisoft won't be able to shrug it off as "piracy" when their sales numbers for this game begin to shrink due to returns and angry retailers. THIS will hit them in the pocketbook more than a simple, dubiously effective boycott. When they are forced to start handing money back because of their failures, that will speak much louder than never having been paid that money to begin with.

Actually, I think that Digital Rights Management is actually the correct and honest-to-God description of it. They just hope you'll misunderstand whose rights they are protecting, and what those rights might be. A lot of people for example seem to think that if it mentions "rights", it might be your rights. In reality, it's about what rights they can give themselves to shaft you. E.g., their unilaterally self-given "right" to revoke your legal customer rights, by preventing you from reselling the game.

1. Give The Game away free (sans DRM and assorted BS), let people pay for it on an honor/donations basis if they like playing it.

Actually my experience with Silent Hunter 5 (having played the game somehow for a frustrating hour or so) is that I don't want it even for free. The game sucks balls. I guess the only good thing about this whole experience is that I updated my video driver.

The guy behind mIRC did this, and I still remember reading an interview with some guy probably years after the first release where he was one of the early people who had actually paid for it assuming that he had to. He was like number 10+ or something such.

So yeah, works great having people pay if they like the product, or not..

Well, that probably won't work either because, well, people are cheap. Let's be frank here, maybe a few people who know what effort and work is associated with creating a game will donate, but most won't. And there's a few millions to be recovered.

But how about, you know, selling the games for 50 bucks a piece, without DRM? I know, it's a radical idea, but think about it that way: No 20 bucks per unit for worthless DRM and no customer service troubles due to faulty DRM resulting in a smaller support departm

You should look into Stardock [stardock.com]. They're an independent studio/publisher based in Michigan that have some pretty top-notch games. They're also widely known to have a very pro-gamer stance on DRM.

In Germany, EULAs are non-binding if they're not presented before the sale. There's no way to disclaim fitness for the obvious purpose of the program either. Furthermore, if modifications are necessary to make the program work as intended, then such modifications are legal even without the author's consent: Happy cracking. Last but not least, the vendor who sold the defective product must either take it back and refund the price or fix the problem.

They might not want to pay the asking price. To lower my asking price, I need to either reduce costs or increase sales volumes enough to cover the price change. Without having any studies to investigate this, I would personally suspect that there are too few people who would be willing to pay at any given price below current shelf prices to justify the drop (eg, if you charge 1/2 the price, you won't have 2x the sales, replace "2" with "n" and the statement holds true). I wouldn't bother doing anything about this category of pirate, because they would never pay the price, so I'm just throwing away money trying to stop them playing.

They might not want to wait for the game to be released in their region. I either need to lrn2globalmarket or use an online distribution model. Both are feasible. Both have been done successfully. A game publisher not investigating how they can do near-simultaneous global releases, and ways they can ship electronically, is a game publisher on a trajectory into a dirt nap right now.

They might be fed up with games that don't work as well as the pirated version. This should be a no-brainer. A game should perform better if it's legit than if it's pirated. Simple idea with no real analysis behind it: you can tie in social services. UbiSoft could have a social platform for high scores, game achievement rankings, online guilds and forums, all tied to a CD-key based account, and common across all their games to amortise the cost of development and maintenance.

A company that clearly has done this research is Blizzard Entertainment. They get all three of these things right: older games are cheap enough that the second-hand market is pretty much dead, they can be downloaded (multiple times, tied to your battle.net account), and battle.net offers online play and ladders using game keys, a very simple and cheap to operate protection system. People still pirate Blizzard games, but I doubt it has a very significant impact on their bottom line. And having done their research, they've probably got other mechanisms in place that I haven't even thought of.

UbiSoft, on the other hand, have fucked themselves sideways with a broomstick. They've spent millions on a flaky DRM system, they're offering an expensive product with more restrictions than the pirate copy, and they haven't even released it in the US yet. It's like they've got a CEO with a significant golden parachute clause in his contract that's just waiting to be fired by the board.

Here's the problem - that works wonderfully as a theory. It fails utterly in practice.

Really? Based on what metric?

The simple fact that PC game developers are still in business and still making money, despite wasting who knows how many millions of dollars every year on failed anti-piracy measures is all it takes to prove otherwise. And that's not even mentioning the small developers that are being successful despite using no DRM whatsoever. Here's just one excellent example: http://en.wikipedia.org/wiki/Sins_of_a_solar_empire [wikipedia.org]. Here's a bit I'm quoting from the page itself: "As of September 2008, Stardock's CEO, Brad Wardell, has stated that the game has sold over 500,000 units, with 100,000 of those being digital download sales, on a budget of less than $1,000,000. It sold 200,000 copies in the first month after release alone." And since the sources for that quote are extremely relevant here, I'll link those as well. http://www.gamasutra.com/php-bin/news_index.php?story=20026 [gamasutra.com] http://www.techreport.com/discussions.x/14383 [techreport.com]

The only possible metric you can use that would make what you said in any way correct is the one the big corporations use: that every pirated copy is a lost sale. So I guess it "fails utterly" if your metric is that they aren't making near as much money as they "could" be.